Chapter Two

2
Industry Regulation
1. Financial Services Regulation 43

2. Financial Crime 47

3. Corporate Governance 55

4. Ethical Standards 61

This syllabus area will provide approximately 9 of the 100 examination questions
42
 Industry Regulation

1. Financial Services Regulation

Learning Objective

2
2.1.1 Know the primary function of the following bodies in the regulation of the financial services
industry: Securities and Exchange Commission (SEC); Financial Conduct Authority (FCA);
European Union (EU); International Organization of Securities Commissions (IOSCO)

With the increasing globalisation of financial markets, there is a demand from governments and
investment firms for a common approach to regulation in different countries. As a result, there is a
significant level of co-operation between financial services regulators worldwide and, increasingly,
common standards, money laundering rules being probably the best example.

1.1 Regulatory Bodies

1.1.1 Securities and Exchange Commission (SEC)

The SEC is the financial services market regulator in the US. It monitors securities exchanges, brokers,
dealers, investment advisers and mutual funds. The SEC aims to ensure that market-related information
is disclosed to the investment community in a fair and timely manner. It also enforces laws to prevent
investors suffering from unfair trading practices and insider trading.

1.1.2 Financial Conduct Authority (FCA)

The regulatory system in the UK changed in 2013, with the previous single regulator (the Financial
Services Authority) being replaced by two new regulatory agencies in a structure known as Twin Peaks.

Prudential Regulatory Authority (PRA) the PRA is a subsidiary of the Bank of England and is
responsible for the prudential supervision of banks, insurance companies and complex investment
firms.
Financial Conduct Authority (FCA) the FCA is responsible for the prudential supervision of firms
not supervised by the PRA including brokers, wealth management companies, financial advisers
and investment exchanges. It is also responsible for the conduct of business rules that all firms must
adhere to.

The FCA has been given a single strategic objective and three operational objectives.

Broadly, the FCA is responsible for ensuring that financial markets work well, so that consumers get a
fair deal, whilst the focus of the PRA is on stability the safety and soundness of deposit-taking firms,
insurers and systemically important investment firms.

43
1.1.3 European Union (EU)
The European Union does not have a single regulator and instead rules and regulations are set by each
country. The EU, however, has been working for some years to co-ordinate rules across EU countries in
order to bring about a single market in financial services.

The concept behind a single market is that financial institutions authorised to provide financial services
in one member state can provide the same services throughout the EU, competing on a level playing
field within a consistent regulatory environment.

To this end, the EU has passed a series of directives aimed at harmonising rules across each country and
promoting the cross-border offering of investment services and products.

The European Securities and Markets Authority (ESMA) works on securities legislation in order to
contribute to the development of a single rulebook in Europe. Its role involves standard setting in
order to ensure that there is consistent investor protection across the EU and it works closely with other
European supervisory authorities and the European Systemic Risk Board (ESRB) on potential risks to the
financial system.

1.1.4 International Organization of Securities Commissions (IOSCO)

The need for international co-operation between regulatory bodies led to the creation of an
international organisation the International Organization of Securities Commissions (IOSCO).
IOSCO was set up in 1983 when 11 securities regulatory agencies from North and South America
merged with the existing inter-American regional association. Subsequently, in 1984, regulators from
France, Indonesia, Korea and the United Kingdom joined to turn it into a truly international co-operative
body. Its members regulate more than 90% of the worlds securities markets, and the IOSCO is today the
worlds most important international co-operative forum for securities regulatory agencies. Through
this forum, regulators co-operate in the development and enforcement of standards and surveillance of
international transactions. They use IOSCO structures to:

co-operate to promote high standards of regulation;

exchange information to promote development of markets;
unite their efforts to establish standards and effective surveillance of international securities
transactions;
provide mutual assistance to promote integrity of markets by a rigorous application of standards
and by effective enforcement against offences.

The IOSCO Principles that underpin the objectives of most securities regulators worldwide are shown in
Appendix 1 at the end of this section.

1.2 The Role and Activities of Regulators

Governments are responsible for setting the role of regulators and in so doing will clearly look to see
that international best practice is followed through the adoption of IOSCO objectives and principles and
by co-operation with other international regulators and supervisors.

44
 Industry Regulation

As an example of this, European governments co-operate regionally to ensure there is a framework

of regulation that encourages the cross-border provision of financial services across Europe by
standardising or harmonising each countrys respective approach. European regulators co-operate
to co-ordinate activities and draft the detailed rules needed to introduce pan-European regulation

2
through the European Securities and Markets Authority (ESMA).

In Asia, the basic structure and content of securities regulation is increasingly similar to the model
adopted in most other parts of the world and most countries are members of IOSCO and subscribe to its
principles of securities regulation.

Appendix 1

IOSCO Principles
In 1998, IOSCO issued a comprehensive set of Objectives and Principles of Securities Regulation (the IOSCO
Principles), recognised today by the worlds financial community as international benchmarks for all markets.

The Objectives of Securities Regulation and Regulators

The objectives of securities regulation are:

the protection of investors;

ensuring that markets are fair, efficient and transparent;
the reduction of systemic risk.

The three objectives are closely related and in some respects overlap. Many of the requirements that
help to ensure fair, efficient and transparent markets also provide investor protection and help to reduce
systemic risk. Similarly, many of the measures that reduce systemic risk provide protection for investors.

Although there are local differences in market structures, these objectives form a basis for an effective system of
securities regulation, and the key areas that IOSCO considers should be addressed under each are set out below.

1. The Protection of Investors

Investors should be protected from misleading, manipulative or fraudulent practices, including insider
trading, front running or trading ahead of customers and the misuse of client assets.

Full disclosure of information material to investors decisions is the most important means for ensuring investor
protection. Investors are thereby better able to assess the potential risks and rewards of their investments and
thus protect their own interests. As key components of disclosure requirements, accounting and auditing
standards should be in place and they should be of a high, and internationally acceptable, quality.

Only duly licensed or authorised persons should be permitted to present themselves to the public as
providing investment services, for example, as market intermediaries or the operators of exchanges.
Initial and ongoing capital requirements imposed upon those licence-holders and authorised persons
should be designed to achieve an environment in which a securities firm can meet the current demands
of its counterparties and, if necessary, wind down its business without loss to its customers.

45
Supervision of market intermediaries should achieve investor protection by setting minimum standards
for market participants. Investors should be treated in a just and equitable manner by market
intermediaries, according to standards which should be set out in conduct of business rules. There
should be a comprehensive system of inspection, surveillance and compliance programmes.

Investors in the securities markets are particularly vulnerable to misconduct by intermediaries and
others, but the capacity of individual investors to take action may be limited. Further, the complex
character of securities transactions and of fraudulent schemes requires enforcement of securities laws.
Where a breach of law does occur, investors should be protected through the strong enforcement of the
law. Investors should have access to a neutral mechanism (such as the courts or other mechanisms of
dispute resolution) or means of redress and compensation for improper behaviour.

Effective supervision and enforcement depend upon close co-operation between regulators at the
domestic and international levels.

2. Ensuring that Markets are Fair, Efficient, and Transparent

The regulators approval of exchange and trading system operators and of trading rules helps to ensure
fair markets. The fairness of markets is closely linked to investor protection and, in particular, to the
prevention of improper trading practices. Market structures should not unduly favour some market
users over others. Regulation should detect, deter and penalise market manipulation and other unfair
trading practices.

Regulation should aim to ensure that investors are given fair access to market facilities and market or
price information. Regulation should also promote market practices that ensure fair treatment of orders
and a price formation process that is reliable.

In an efficient market, the dissemination of relevant information is timely and widespread and is
reflected in the price formation process. Regulation should promote market efficiency and transparency.
Transparency may be defined as the degree to which information about trading (both for pre-trade
and post-trade information) is made publicly available on a real-time basis. Pre-trade information
concerns the posting of firm bids and offers as a means to enable investors to know, with some degree
of certainty, whether, and at what prices, they can deal. Post-trade information is related to the prices
and the volume of all individual transactions actually concluded. Regulation should ensure the highest
levels of transparency.

3. The Reduction of Systemic Risk

Although regulators cannot be expected to prevent the financial failure of market intermediaries,
regulation should aim to reduce the risk of failure (including through capital and internal control
requirements). If financial failure nonetheless does occur, regulation should seek to reduce the impact
of that failure and, in particular, attempt to isolate the risk to the failing institution. Recent examples of
such an approach include the Dodd-Frank Act in the US and global efforts to improve banks resilience
to economic shocks and to curb excessive remuneration.

46
 Industry Regulation

Market intermediaries should, therefore, be subject to adequate and ongoing capital and other
prudential requirements. If necessary, an intermediary should be able to wind down its business
without loss to its customers and counterparties or systemic damage.

2
Risk-taking is essential to an active market, and regulation should not unnecessarily stifle legitimate
risk-taking. Rather, regulators should promote and allow for the effective management of risk and
ensure that capital and other prudential requirements are sufficient to address appropriate risk-taking,
allow the absorption of some losses and check excessive risk-taking. An efficient and accurate clearing
and settlement process that is properly supervised and utilises effective risk-management tools is
essential.

There must be effective and legally secure arrangements for default handling. This is a matter that
extends beyond securities law to the insolvency provisions of a jurisdiction. Instability may result from
events in another jurisdiction or occur across several jurisdictions, so regulators responses to market
disruptions should seek to facilitate stability domestically and globally through co-operation and
information sharing.

2. Financial Crime
Financial crimes are crimes where someone takes money or property, or uses them in an illicit manner,
with the intent to gain a benefit from it.

Reducing financial crime is a key priority for regulators, authorities and governments globally.
Organised crime groups, terrorists and fraudsters are increasingly using sophisticated international
networks and financial systems to move or store funds and assets or commit fraud. Financial institutions
are particularly vulnerable due to the nature of their businesses and the volume of transactions and
client relationships they manage.

In todays complex economy, financial crime can take many forms, but some of the main areas are
money laundering and terrorist financing, market abuse, fraud, bribery and corruption. We consider
some of these areas in the following sections.

2.1 Money Laundering

Money laundering is the process of turning dirty money (money derived from criminal activities) into
money that appears to be legitimate. Dirty money is difficult to invest or spend and carries the risk
of being used as evidence of the initial crime. Clean money can be invested and spent without risk of
incrimination. Money laundering disguises the proceeds of illegal activities as legitimate money that
can be freely spent. Increasingly, anti-money laundering provisions are being seen as the front line
against drug dealing, terrorism and organised crime.

47
There can be considerable similarities between the movement of terrorist funds and the laundering
of criminal property. Because terrorist groups can have links with other criminal activities, there is
inevitably some overlap between anti-money laundering provisions and the rules designed to prevent
the financing of terrorist acts. However, these are two major differences to note between terrorist
financing and other money laundering activities:

Often, only quite small sums of money are required to commit terrorist acts, making identification
and tracking more difficult.
If legitimate funds are used to fund terrorist activities, it is difficult to identify when the funds
become terrorist funds.

Terrorist organisations can, however, require significant funding and will employ modern techniques to
manage them and transfer the funds between jurisdictions, hence the similarities with money laundering.

2.1.1 International Approach to Combating Money Laundering

Learning Objective
2.2.1 Understand the role of the Financial Action Task Force

In response to growing international concerns over money laundering, the Financial Action Task Force
on Money Laundering (FATF) was created by a G7 summit in 1989.

FATF was given the responsibility for examining money laundering techniques and trends, reviewing
existing initiatives and producing recommendations to combat money laundering. In 1990, it issued
a report containing a set of 40 recommendations which provide a comprehensive plan of action for
fighting money laundering and which have been subsequently added to with recommendations on
tackling terrorist financing. Its recommendations form the international standards for combating
money laundering and terrorist financing and their implementation is regularly reviewed by audits of
national systems. FATF focuses on three principal areas:

Setting standards for national anti-money laundering (AML) and counter-terrorist-financing

programmes.
Evaluating how effectively member countries have implemented the standards.
Identifying money laundering and terrorist-financing methods and trends.

FATF has established four regional groups covering the Americas, Asia Pacific, Europe and the Middle
East and Africa. Using input from these groups, the FATF has undertaken an exercise to identify countries
with inadequate AML measures, referred to as non-co-operative countries and territories. Its purpose
has been to put pressure on those countries to bring their AML systems up to international standards.

48
 Industry Regulation

In conjunction with this, countries have been implementing AML laws and notable among these are:

US Patriot Act includes extensive regulatory requirements for financial institutions including
requiring them to implement a client identification programme and to screen transactions and

2
clients for risk on a routine basis.
UK Proceeds of Crime Act 2002 (POCA) earlier legislation had moved AML on to a statutory basis
and this Act substantially extended the anti-AML environment, made disclosure of income sources
compulsory and enabled the seizing of assets earned from illegal activities.
EU Money Laundering Directives extended the range of activities considered to be financial
crimes and extended the requirement to have in place AML obligations to firms outside the standard
financial services environment.

Of particular relevance to the wealth management industry is the private sector Wolfsberg Group.
The group is an association of 11 global banks (Banco Santander; Bank of Tokyo-Mitsubishi; Barclays;
Citigroup; Credit Suisse; Deutsche Bank; Goldman Sachs; HSBC; JPMorgan Chase; Socit Gnrale; and
UBS) which aims to develop financial services industry standards and related products for know your
customer, anti-money laundering and counter-terrorist-financing policies.

2.1.2 Money Laundering Offences and Firms Regulatory Obligations

Learning Objective
2.2.2 Know the main offences associated with money laundering and the regulatory obligations of
financial services firms

While the specific rules and regulations in relation to money laundering will differ from country to
country, it is worth noting that there are common features in the types of offences and the regulatory
obligations placed on financial services firms.

The main types of offences involved in money laundering are:

concealing it is an offence for a person to conceal or disguise criminal property;

arrangements it is an offence for a person to enter into an arrangement that they know or suspect
facilitates the acquisition, retention, use or control of criminal property for another person;
acquisition, use and possession it is an offence to acquire, use or have possession of criminal
property;
failure to disclose three conditions need to be satisfied for this offence:
the person knows or suspects (or has reasonable grounds to know or suspect) that another
person is laundering money;
the information giving rise to the knowledge or suspicion came to the person during the course
of business in a regulated sector (such as the financial services sector);
the person does not make the required disclosure as soon as is practicable;
tipping off it is an offence to tell a person that a disclosure of a suspicion has been made.

49
Money laundering regulations place requirements on firms that cover three main areas:

Firms are required to carry out certain identification procedures, implement certain internal
reporting procedures for suspicions and keep records in relation to anti-money laundering
activities.
The regulations also require firms to train their staff adequately in the regulations and how to
recognise and deal with suspicious transactions.
There is a catch-all requirement that firms should establish internal controls appropriate to
forestall and prevent money laundering. This includes the appointment of an employee as the firms
money laundering reporting officer (MLRO).

Officers of firms that fail to comply with the money laundering regulations are liable to a jail term and
fine, and firms may have their licence to trade terminated.

As noted above, it is an offence to fail to disclose a suspicion of money laundering. Obviously this
requires the staff at financial services firms to be aware of what constitutes a suspicion, and this is
why there is a requirement that staff must be trained to recognise and deal with what may be money
laundering transactions.

2.1.3 Stages of Money Laundering

Learning Objective
2.2.3 Know the stages of money laundering

There are three stages to a successful money laundering operation: placement, layering and integration.

Placement is the first stage and typically involves placing the criminally derived cash into some
form of bank account.
Layering is the second stage and involves moving the money around in order to make it difficult for
the authorities to link the placed funds with the ultimate beneficiary of the money. Disguising the
original source of the funds might involve buying and selling foreign currencies, shares or bonds.
Integration is the third and final stage. At this stage, the layering has been successful and the
ultimate beneficiary appears to be holding legitimate funds (clean money, rather than dirty money).

Broadly, the anti-money laundering provisions are aimed at identifying customers and reporting
suspicions at the placement and layering stages, and keeping adequate records that should prevent the
integration stage being reached.

50
 Industry Regulation

2.1.4 Client Identification Procedures

Learning Objective

2
2.2.4 Know the client identity procedures

Money laundering regulations require firms to adopt identification procedures for new clients and
keep records in relation to this proof of identity. This obligation to prove identity is triggered as soon
as reasonably practicable after contact is made and the parties resolve to form a business relationship.
Failure to prove the identity of your client could result in an unlimited fine and a jail term.

The identification procedures that a firm must carry out are usually referred to as customer due
diligence (CDD) and the procedures that must be carried out involve:

identifying the customer and verifying their identity;

identifying the beneficial owner, where relevant, and verifying their identity;
obtaining information of the purpose and intended nature of the business relationship.

It is also a requirement that financial institutions undertake checks to determine the source of funds
that the client wishes to invest. They must also check international sanction blacklists to ensure that the
client is not one with whom doing business is prohibited. Firms must also conduct ongoing monitoring
of the business relationship with their customers to identify any unusual activity.

The types of documentary evidence that are acceptable to prove the identity of a new client would
include the following:

For an individual an official document with a photograph will prove the name, eg, passport or
international driving licence; a utilities bill (gas, water or electricity) with name and address will
prove the address supplied is valid.
For a corporate client (a company) proof of identity and existence would be drawn from
the constitutional documents (Articles and Memorandum of Association) and sets of accounts.
For smaller companies proving the identity of the key individual stakeholders (directors and
shareholders) would also be required.

Checks should be made that the client is not a politically exposed person. In such cases of higher risk,
and, if the customer is not physically present when their identities are verified, then enhanced due
diligence (EDD) measures must be applied on a risk-sensitive basis.

Note: a politically exposed person (PEP) is a term used by regulators to identify persons who perform
important public functions for a state. These are individuals who require heightened scrutiny because
they hold or have held positions of public trust, such as government officials, senior executives of
government corporations, politicians, important political party officials and so on, along with their
families and close associates.

For some particular customers, products or transactions, simplified due diligence (SDD) may be
applied. Firms must have reasonable grounds for believing that the customer, product or transaction
falls within one of the allowed categories, and be able to demonstrate this to their supervisory authority.

51
2.2 Insider Dealing

Learning Objective
2.2.5 Know the offences that constitute insider dealing and the instruments covered

When directors or employees of a listed company buy or sell shares in that company, there is a possibility
that they are committing a criminal act insider dealing. For example, a director may be buying shares
in the knowledge that the companys last six months of trade was better than the market expected. The
director has the benefit of this information because he is inside the company. In nearly all markets, this
would be a criminal offence, punishable by a fine and/or a jail term.

To be found guilty of insider dealing, it is necessary to define who is deemed to be an insider, what
is deemed to be inside information, and the situations that give rise to the offence. This is shown
diagrammatically below.

Inside Information Insider Securities Insider Dealing

Is this Has it been Is it in relation to Has dealing

unpublished obtained from an price affected taken place?
price sensitive inside source? securities?
information?

Inside information is information that relates to particular securities or a particular issuer of securities
(and not to securities or securities issuers generally) and which:

is specific or precise; and

has not been made public; and
if it were made public, would be likely to have a significant effect on the price of the securities.

This is generally referred to as unpublished price-sensitive information, and the securities are referred
to as price-affected securities.

The information becomes public when it is published, for example, a UK-listed company publishing
price-sensitive news through the London Stock Exchanges Regulatory News Service. Information can
be treated as public even though it may only be acquired by persons exercising diligence or expertise
(for example, by careful analysis of published accounts, or by scouring a library).

A person has this price-sensitive information as an insider if they know that it is inside information from
an inside source. The person may have:

1. gained the information through being a director, employee or shareholder of an issuer of securities;
2. gained access to the information by virtue of his employment, office or profession (for example, the
auditors to the company); or
3. sourced the information from (1) or (2), either directly or indirectly.

52
 Industry Regulation

Insider dealing takes place when an individual acquires or disposes of price-affected securities while in
possession of unpublished price-sensitive information. It also occurs if they encourage another person
to deal in price-affected securities, or to disclose the information to another person (other than in the
proper performance of employment).

2
The instruments covered by the insider dealing rules are broadly described as securities. These include:

shares;
bonds (issued by a company or a public sector body);
warrants;
depositary receipts;
options (to acquire or dispose of securities);
futures (to acquire or dispose of securities);
contracts for difference (based on securities, interest rates or share indices).

Note that the definition of securities does not embrace commodities and derivatives on commodities
(such as options and futures on agricultural products, metals or energy products), or units/shares in
mutual funds.

2.3 Market Abuse

Learning Objective
2.2.6 Know the offences that constitute market abuse and the instruments covered

Market abuse relates to behaviour by a person or a group of people working together and which
satisfies one or more of the following three conditions:

1. The behaviour is based on information that is not generally available to those using the market and,
if it were available, it would have an impact on the price.
2. The behaviour is likely to give a false or misleading impression of the supply, demand or value of the
investments concerned.
3. The behaviour is likely to distort the market in the investments.

In all three cases the behaviour is judged on the basis of what a regular user of the market would view
as a failure to observe the standards of behaviour normally expected in the market. The market abuse
rules apply to securities traded on any regulated market.

53
Examples of market abuse are shown in the table below.

When an insider deals, or tries to deal, on the basis of inside information.

Insider dealing
(Improper disclosure and misuse of information are kinds of insider dealing.)
Improper disclosure When an insider improperly discloses inside information to another person.
Misuse of Behaviour based on information that is not generally available but which
information would affect an investors decision about the terms on which to deal.
Trading, or placing orders to trade, that gives a false or misleading impression
Manipulating
of the supply of, or demand for, one or more investments, raising the price of
transactions
the investment to an abnormal or artificial level.
Manipulating Trading, or placing orders to trade, which employs fictitious devices or any
devices other form of deception or contrivance.
Giving out information that conveys a false or misleading impression about an
Dissemination investment or the issuer of an investment when the person doing this knows
the information to be false or misleading.
Distortion and Behaviour that gives a false or misleading impression of either the supply of, or
misleading demand for, an investment; or behaviour that otherwise distorts the market in
behaviour an investment.

54
 Industry Regulation

3. Corporate Governance

Learning Objective

2
2.3.1 Know the origins and nature of corporate governance

When looking at the subject of corporate governance, an essential starting point to remember is that
a company is a separate legal entity, distinct from its shareholder owners. Moreover, the day-to-day
running of a company is the responsibility of the companys executive directors.

Corporate governance is therefore concerned with the creation of shareholder value through the
transparent disclosure of a companys activities to its shareholders, director accountability and two-way
communication between the board and the companys shareholders.

Effective governance of a company is of intrinsic interest to its shareholders, as how well companies
are run affects market confidence as well as company performance. If companies are well run, they will
generally prosper which, in turn, will enable them to attract investors whose support can help to finance
faster growth. On the other hand, poor corporate governance can weaken a companys potential and, at
worst, pave the way for financial difficulties and even fraud.

3.1 Corporate Governance Mechanisms

Learning Objective
2.3.2 Know the corporate governance mechanisms available to stakeholders to exercise their rights

The executive directors and other members of the board are ultimately accountable to the companys
shareholders for their actions in carrying out their stewardship function. Therefore, a mechanism is
needed to ensure that companies are run in the best long-term interests of their shareholders. This
mechanism is known as corporate governance.

The mechanisms by which stakeholders exercise their rights to ensure effective corporate governance
vary from country to country but include a series of laws, legal duties, regulations and codes, all of which
are designed to define the roles and responsibilities of directors, provide oversight of their activities and
then ensure that there is appropriate disclosure of the activities undertaken to shareholders and other
stakeholders.

The types of mechanisms available can be looked at under two headings: mechanisms that are in place
internally within a company and external assessment of the effectiveness of those controls.

55
Internal examples include:

An independent board of directors which monitors the activities of the executive officers of the
company in the exercise of their duties.
Separation of responsibilities between the chairman and chief executive.
Appointment of independent non-executive directors.
The establishment of specialist committees, such as audit and risk committees, to undertake
independent assessment and oversight of risks and financial reporting.

External examples include:

Legal duties imposed on directors.

Listing rules of stock exchanges that have to be adhered to.
Reporting of financial performance.
Independent audit of financial, and other, statements.

There are many different types of corporate governance models around the world:

In France, listed companies are required to comply with the OECD Principles for Corporate
Governance. This brought together three sets of initiatives in response to a European Commission
recommendation that each member state designates a Code of Reference, with which businesses
must comply, or else explain how their practices differ from it, and why.
The German Corporate Governance Code sets out the essential statutory regulations for the
management and supervision of German-listed companies and contains internationally and
nationally recognised standards for good and responsible governance.
In the UK, all listed companies are expected to abide by the UK Corporate Governance Code as a
condition of their listing on the London Stock Exchange. The Corporate Governance Code is also
known as the Combined Code or the Code of Best Practice. It consists of a series of principles which
are embodied within the FCA listing rules and so applies to all listed public companies.
In the United States, a variety of best practice recommendations have been issued over the last ten
years by various organisations representing the views of shareholders, management and directors.
Although these agreed on many key points, there were enough differences for concerns for these not
to be made prescriptive. In response to the economic crisis, the US National Association of Directors
issued in late 2008 a set of key principles that they believe most companies, boards, shareholders
and shareholder groups will also support. These principles assume that companies comply with
applicable governance-related provisions required by the Sarbanes-Oxley Act of 2002, related
regulations of the Securities and Exchange Commission (SEC) and applicable listing standards, as
well as with all other applicable laws.

56
 Industry Regulation

3.2 Corporate Governance Lessons from the Financial Crisis

Learning Objective

2
2.3.3 Understand the areas of weakness and lessons learned from the global financial crises of
200709

The credit crises of 200709 revealed a series of failures and weaknesses in corporate governance
worldwide, whilst accounting standards and regulatory supervision also proved inadequate in some areas.

When historians look back at events leading up to the extreme market falls of 200709 they are likely to
focus on the following areas:

The ability of large investment banks to run complicated and excessive risks using deposit books as
collateral from retail investors.
The increasing complexity of financial instruments and easy money conditions coupled with low
representation of the senior risk specialists on company boards.
Poor risk controls within major banks.
Did the rating agencies have a conflict of interest in issuing credit ratings on collateralised debt
obligations (CDOs) to issuers (banks) as the latter supplied them with fee revenue?
Should future risk systems assume that liquidity in any asset or market can simply disappear
overnight?
Should capital adequacy requirements be increased markedly for banks and large institutions?
Should banks be allowed to rely to such a large extent on short-term funding from the commercial
paper market?
Should traders only be rewarded for crystallised profits by way of a partnership pool which pays
out after seven years, to discourage excessive risk-taking?

These issues can be seen in the context of a series of market failures that have taken place in the past
few decades and which have required control and supervision systems to be significantly upgraded, in
order, hopefully, to prevent a future recurrence.

In this section, we examine the background to the financial crisis and then review some of the key corporate
governance lessons that can be learned. Some of these lessons have already been implemented, whilst
others are awaiting international agreement prior to a co-ordinated introduction across global markets.

57
3.2.1 Background
Corporate governance standards are designed to set best practice standards that companies and
other organisations should follow. It is not possible for them to be capable of dealing with all possible
scenarios; instead, they should be seen as a set of standards that need to be continually altered in the
light of market experiences.

Prior to the financial crisis, corporate governance standards had already had to be refined to deal with a
number of market failures:

the collapse of Barings Bank, which revealed failings in risk management processes;
the bursting of the high-tech bubble in the late 1990s, which revealed a severe conflict of interest
between brokers and analysts;
the collapse of Enron and WorldCom, which highlighted the independence needed by audit
committees;
the fraud at Parmalat, where the extent of losses and debts was hidden, in part, by the use of
derivatives.

These revealed systemic issues that required further refinement of corporate governance standards to
attempt to prevent further recurrence.

The recent financial crisis has been described as the most serious since the Great Depression. It saw
banks that were too big to fail do exactly that, saw financial institutions taken into state ownership and
saw the loss of confidence lead to an unprecedented freezing of credit conditions.

Whilst corporate governance was not the cause, some of the underlying problems could have been
prevented by more robust controls.

The crisis needs to be seen in the context of the period of global economic stability which preceded it
and which lasted far longer than any previous periods. It was a period of expansive monetary policy,
asset price booms and falling risk premiums, in which returns were sought with an apparent neglect for
the risk inherent in existing and newly devised financial instruments. This period allowed institutional
and corporate memories to forget some of the hard lessons that had been learned during the more
volatile economic conditions that had been seen from the Second World War up to the late 1980s.
Warnings about the rising level of default rates on US sub-prime mortgages by respected international
organisations were ignored, and businesses carried on as though buoyant economic conditions were a
permanent feature of the economic landscape. The lessons from previous economic cycles were either
lost or ignored.

58
 Industry Regulation

3.2.2 Corporate Governance Lessons

The Organisation for Economic Co-operation and Development (OECD) issues standards for corporate
governance that are used globally to develop local market practices.

2
Their global role led them to review the failures that had taken place and identify some of the key
lessons that needed to be learned. The following sections highlight some of their major findings.

Corporate Governance
The competitive environment post-2000 demanded boards be clear about their strategy and the
risk appetite of the company. The results of the crisis, however, uncovered severe weaknesses even
in sophisticated institutions, and found that there was a mismatch between incentive systems, risk
management and internal control systems.

Risk Management
The risk models used in many organisations failed as they did not anticipate the severity of the financial
crisis. From a corporate governance perspective, the key lesson is how the information was used in the
company, how it was communicated to the board, and the need for a company to ensure that there are
clear lines of accountability for management throughout the organisation.

Internal controls in an organisation had been focused on financial reporting in order to comply with
rules such as the Sarbanes-Oxley Act (SOX) (US standards introduced as a result of corporate and
accounting scandals). A key concern for corporate governance is that internal control cannot be viewed
in isolation, but needs to be seen within the context of an enterprise-wide risk management framework.

Despite the importance given to risk management by regulators and corporate governance principles,
the credit crisis and resulting financial turmoil revealed severe shortcomings in internal management
and the role of the board in overseeing risk management systems.

Whilst all of the largest banks in the world failed to anticipate the severity of the crisis, there was a
marked difference in how they were affected, that can be traced to their senior management structure
and risk management systems.

A review of 11 major banks by the Senior Supervisors Group (2008), a group of banking supervisors
from several leading countries, came to the following conclusions:

Exposure to collateralised debt obligations exceeded the firms understanding of the risks involved.
Bear Stearns concentration of mortgage securities was beyond its internal limits, and at HBOS, the
board had received a warning from the FSA (who were contacted by an anonymous whistleblower)
about key parts of the group as long ago as 2004.
Some firms had limited understanding and control over their potential balance sheet growth and
liquidity needs.
Firms that avoided such problems had more adaptive risk measurement processes and systems that
could rapidly alter underlying assumptions to reflect changing circumstances.
The management of better-performing firms typically enforced more active controls over the
balance sheet, liquidity, and capital. This often saw treasury functions aligned more closely with risk
management processes into global liquidity planning, including actual and contingent liquidity risk.

59
 Warning signs of liquidity risk were not acted on, and led to the collapse of both Bear Stearns and
Northern Rock. In the UK, both the Bank of England and the FSA issued warnings about the liquidity
risk that Northern Rock faced, and yet emergency credit lines were not put in place.
Stress testing and related scenario analysis is an important risk management tool, but some firms
found it challenging to persuade senior management and business line management to develop
and pay sufficient attention to the results of forward-looking stress scenarios that assumed large
price movements.
The internal structure of firms and the place of the risk management function within it led to
ineffective reporting, development of a silo mentality and a lack of systematic procedures for
centralising and escalating red flags. These were exhibited in UBS, where the board was unaware
of the scale of sub-prime losses, at Socit Gnrale, where red flags relating to unauthorised
derivatives trading were ignored, and at HBOS, where management ignored risk management
needs in its headlong rush to expand its mortgage business.

Remuneration and Incentive Systems

Remuneration and incentive systems played a key role in influencing financial institutions sensitivity to
shocks and causing the development of unsustainable balance sheet positions.

Ratings Agencies
Credit rating agencies assigned high ratings to complex structured sub-prime debt, based on
inadequate historical data and, in some cases, flawed models. They were also involved in advising on
how to structure the instrument so as to obtain a desired rating, posing serious conflicts of interest.

Regulatory Framework
Effective supervisory, regulatory and enforcement authorities are integral in ensuring a sound corporate
governance framework. In the UK, for example, the division of responsibilities between the FSA, the Bank
of England and the Treasury was unclear, and the under-resourcing and shortage of expertise in some
fundamental areas, notably prudential banking experience and financial data analysis, was also an issue.

3.2.3 Corporate Governance Changes

The fallout from the financial crisis has already led to changes to corporate governance principles and
codes worldwide.

Work is, however, ongoing across global markets to implement further actions to improve the effective
ness of corporate governance going forward.

The importance of good corporate governance is recognised internationally and has led to the
development of the OECD Principles of Corporate Governance. These have become an international
benchmark, and the Financial Stability Forum has designated the Principles as one of the 12 key
standards for sound financial systems.

The Principles are designed to support the development of a robust legal and regulatory framework
and to provide guidance and suggestions for stock exchanges, investors, corporations, and other parties
that have a role in the process of developing good corporate governance.

60
 Industry Regulation

The OECD Principles of Corporate Governance cover six main areas:

1. Ensuring the basis for an effective corporate governance framework.

2. The rights of shareholders and key ownership functions.

2
3. The equitable treatment of shareholders.
4. The role of stakeholders.
5. Disclosure and transparency.
6. The responsibilities of the board.

4. Ethical Standards
Ethical codes of conduct are used in many business areas and they are often the framework on which
professions are built. Abiding by a code of conduct is often what defines a professional by providing a
framework for carrying out their fiduciary duties.

Codes of ethics set out fundamental principles and values that provide a vision of high professional
standards. They are designed for those who want to do the right things for the right reasons and set out
a series of behaviours and standards that provide a benchmark for acting ethically and to the highest
professional standards.

In todays markets, the public have little trust in advisers, bankers or other members of the financial
services industry, especially given the experience of past mis-selling scandals and the fallout from the
credit crisis. Rebuilding that trust is seen as essential if the financial services industry is to effectively aid
people in finding suitable and appropriate investment solutions.

3.2.3 The Chartered Institute for Securities & Investment (CISI) Code of
Conduct
For any industry in which trust is a central feature, demonstrable standards of practice, and the means to
enforce them, are a key requirement.

Financial services is one such industry, and the Chartered Institute for Securities & Investment (CISI)
already has in place its own code of conduct. Membership of the CISI requires members to meet the
standards set out within the Institutes principles.

61
CISI Principles
Professionals within the securities and investment industry owe important duties to their clients, the
market, the industry and society at large. Where these duties are set out in law, or in regulation, the
professional must always comply with the requirements in an open and transparent manner.

Membership of the Chartered Institute for Securities & Investment requires members to meet the standards
set out within the Institutes Principles. These Principles impose an obligation on members to act in a way
beyond mere compliance.

The table below sets out the CISI Code of Conduct and the principles that members are expected to
demonstrate and uphold. They set out clearly the expectations upon members of the industry to act in
a way beyond mere compliance. In other words, members must understand the obligation upon them
to act with integrity in all aspects of their work and their professional relationships.

CISI Code of Conduct

The Principles Stakeholder

To act honestly and fairly at all times when dealing with clients, customers and
counterparties and to be a good steward of their interests, taking into account
1. Client
the nature of the business relationship with each of them, the nature of the
service to be provided to them and the individual mandates given by them.
To act with integrity in fulfilling the responsibilities of your appointment and
Firm
2. to seek to avoid any acts, omissions or business practices which damage the
Industry
reputation of your organisation or the financial services industry.
To observe applicable law, regulations and professional conduct standards when
3. carrying out financial service activities, and to interpret and apply them to the Regulator
best of your ability according to principles rooted in trust, honesty and integrity.
To observe the standards of market integrity, good practice and conduct required or Market
4.
expected of participants in markets when engaging in any form of market dealing. participant
To be alert to and manage fairly and effectively and to the best of your ability any
5. Client
relevant conflict of interest.
To attain and actively manage a level of professional competence appropriate to Client
6. your responsibilities, to commit to continuing learning to ensure the currency of Colleague
your knowledge, skills and expertise and to promote the development of others. Self
To decline to act in any matter about which you are not competent unless you
7. have access to such advice and assistance as will enable you to carry out the Client
work in a professional manner.
Industry
8. To strive to uphold the highest personal and professional standards.
Self

The CISIs code of conduct provides direction to members.

62
 Industry Regulation

At the corporate and institutional level this means operating in accordance with the rules of market
conduct, dealing fairly (honestly) with other market participants and not seeking to take unfair
advantage of either. That does not mean that firms cannot be competitive, but that rules and standards
of behaviour are required to enable markets to function smoothly, on top of the actual regulations

2
which provide direction for the technical elements of market operation.

At the individual client relationship level, the Code of Conduct highlights the ethical responsibilities
towards clients, over and above complying with the regulatory framework and legal responsibilities.

If you are guided by ethical principles, compliance with regulation is made very much easier!

63
 End of Chapter Questions

Think of an answer for each question and refer to the appropriate section for confirmation.

1. What are the five main offences relating to money laundering?

Answer reference: Section 2.1.2

2. What documentary evidence should be sought to validate the identity of a corporate client?
Answer reference: Section 2.1.4

3. What type of client might require EDD?

Answer reference: Section 2.1.4

4. Define the term corporate governance.

Answer reference: Section 4

5. What are some of the internal and external mechanisms that can be used to monitor the
effectiveness of corporate governance mechanisms in a company?
Answer reference: Section 3.1

6 What are the main areas covered by the OECD Principles of Corporate Governance?
Answer reference: Section 3.2.3

64